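/// <summary>
/// Handles a submitted comment form for a post and sends the client back to that post.
/// </summary>
/// <param name="postId">Identifier used to look the post up through <c>_blog.GetPostById</c>.</param>
/// <param name="comment">Comment model bound from the submitted form.</param>
/// <returns>
/// <c>NotFound</c> when the post does not exist or its comments are closed; the "Post" view
/// when model validation fails; otherwise a redirect to the post link with the comment id as fragment.
/// </returns>
public async Task<IActionResult> AddComment(string postId, Comment comment)
{
    var post = await _blog.GetPostById(postId);

    // Check the target first: previously an invalid model combined with an unknown postId
    // rendered the "Post" view with a null model, and validation feedback was produced
    // for posts whose comments are already closed.
    if (post == null || !post.AreCommentsOpen(_settings.Value.CommentsCloseAfterDays))
    {
        return NotFound();
    }

    if (!ModelState.IsValid)
    {
        return View("Post", post);
    }

    // The admin flag is always derived from the authenticated session, overwriting
    // whatever value model binding may have put into comment.IsAdmin.
    comment.IsAdmin = User.Identity.IsAuthenticated;

    // NOTE(review): Trim() assumes validation guarantees these are non-null - confirm the
    // validation attributes on Comment.
    comment.Content = comment.Content.Trim();
    comment.Author = comment.Author.Trim();
    comment.Email = comment.Email.Trim();

    // NOTE(review): Comment is bound directly from the form, so members other than the ones
    // assigned above (comment.Id is used in the redirect below) may be client-supplied -
    // confirm how binding is restricted on the Comment type.

    // Honeypot: the "website" form key should have been removed by JavaScript unless the
    // comment was posted by a spam robot. A submission that still carries it is dropped
    // silently and receives the same redirect as an accepted one.
    if (!Request.Form.ContainsKey("website"))
    {
        post.Comments.Add(comment);
        await _blog.AddCommentAsync(post.Id, comment);
    }

    return Redirect(post.GetLink() + "#" + comment.Id);
}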
/// <summary>
/// Stores a comment received as a JSON request body for the post identified by <paramref name="postid"/>.
/// </summary>
/// <param name="comment">Comment view model bound from the request body.</param>
/// <param name="postid">Identifier of the post, copied into the stored comment as <c>PostId</c>.</param>
/// <returns>
/// JSON string "success" after the comment is saved, "email is not valid" when the e-mail check
/// fails, or the model-state error messages, one per line, when validation fails.
/// </returns>
public async Task<JsonResult> SaveComment([FromBody] CommentViewModel comment, int postid)
{
    // Validation failures are reported back as one newline-separated string.
    if (!ModelState.IsValid)
    {
        var messages = new StringBuilder();
        foreach (var entry in ModelState.Values)
        {
            foreach (var problem in entry.Errors)
            {
                messages.AppendLine(problem.ErrorMessage);
            }
        }

        return Json(messages.ToString());
    }

    // Every free-text field goes through Sanitizer.GetSafeHtmlFragment before it is stored.
    // NOTE(review): this is input-side filtering only; views that render these values
    // should still encode on output - confirm.
    comment.Text = Sanitizer.GetSafeHtmlFragment(comment.Text);
    comment.Email = Sanitizer.GetSafeHtmlFragment(comment.Email);
    comment.name = Sanitizer.GetSafeHtmlFragment(comment.name);

    // The e-mail format is checked on the sanitized value, not on the raw input.
    if (!comment.Email.EmailValidation())
    {
        return Json("email is not valid");
    }

    // NOTE(review): postid is taken from the request as-is; nothing here checks that the
    // post exists or accepts comments - confirm the service enforces that.
    var dto = new PostCommentDto
    {
        Email = comment.Email,
        Name = comment.name,
        Text = comment.Text,
        PostId = postid
    };

    await service.AddCommentAsync(dto);
    await service.SaveChangesAsync();

    // Exceptions propagate to the caller unchanged.
    return Json("success");
}